high tech is not the solution to the problems in your previous emails, but my comment was a bit of a sidetrack (that i wish to drop from this thread after this point is made):

i was strictly talking about an idea of how to hide a hot wallet server, disconnected from your previous points. the above, provided some basic precaution on the part of the developer, would not reveal a means into the wallet server.

Oh, gotcha

Yes, securing hot wallets has been discussed, but I don't know the thread offhand.

I meant people seem to think hot wallets are the reason bitcoins are vulnerable, but wallets are only one potential vulnerability. This latest theft was due to sloppy password handling, and 40K USD was stolen in addition to 40K BTC.

folks, start putting together a wiki guide for making secure bitcoin apps, from web to desktop to mobile.

who is competent enough to make one? maybe start to collaboratively put that together? it's really important that everyone's knowledge on the subject of security start being pooled and guided so that new people coming into the community with an enthusiasm for making great apps, don't end up like bitcoinica!

I like the whole idea of Standard Operating Procedures (SOP), Transparency, Disclosures, Best Practices, etc. for sites that take custody of customers' funds. Not so much as a requirement for starting the site but as a way for potential/current customers to evaluate the risk involved when dealing with them.

The Bitcoin Protocol is innovative but financial institutions on the other hand have been around for a very long time.

I meant people seem to think hot wallets are the reason bitcoins are vulnerable, but wallets are only one potential vulnerability. This latest theft was due to sloppy password handling, and 40K USD was stolen in addition to 40K BTC.

You're right, I guess. Even if the bitcoin were offline, the thief could have waited and waited until the balances were loaded into mtgox and used to pay customers or the site started operating.

folks, start putting together a wiki guide for making secure bitcoin apps, from web to desktop to mobile.

who is competent enough to make one? maybe start to collaboratively put that together? it's really important that everyone's knowledge on the subject of security start being pooled and guided so that new people coming into the community with an enthusiasm for making great apps, don't end up like bitcoinica!

Don't know what your goal is, but anything can be hacked with time. Using proper security techniques helps, but anything can be bypassed. I.e. 2-factor auth, don't use the same passwords, etc... Simple, logical things...

Tip: don't believe everyone that says they are a security expert without any proof... I.e. Patrick from Bitcoinica...

you will find professional people, who are very good at what they do. These people may even be persuaded to work on bitcoin - that place is like a repository of web app security. if a company does not follow their advice...

go check it out. get some people interested...

bitcoin is a blockchain and interaction with this chain. it is not securing web apps.

But if you are holding other people's bitcoins, just securing the app is not enough. You need people who have experience securing money telling you how to create processes to make sure you're not the victim of embezzlement, that you are complying with legal requirements, keeping adequate records, keeping customers' funds separate from the funds used to pay expenses, that regular audits are done to detect problems early, and so on.